Archive for May, 2007

iTunes 7.2 is out

Wednesday, May 30th, 2007

iTunes 7.2 is out.

iTunes 7.2

This is an important release of iTunes because it supports DRM-free iTunes music(also known as iTunes Plus - the “Plus” is for the extra 30 cents “piracy tax” that you’ll have to pay for these tunes).  So, if you're eager to pay $1.29 a track, you'll need this update (although I can't see any iTunes Plus tracks available yet).

Should you fear Firefox add-ons?

Wednesday, May 30th, 2007

Should you fear that Firefox add-ons might be making your system vulnerable to hackers?  According to Chris Soghoian, the Indiana University doctoral candidate who discovered the weakness, you should be:

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.

When I first read this I expected it to relate to obscure add-ons.  I was wrong.  It seems that some big names have fallen foul to this problem.  Affected add-ons include:

  • Google Toolbar
  • Google Browser Sync
  • Yahoo Toolbar
  • Del.icio.us
  • Facebook Toolbar
  • AOL Toolbar
  • Netcraft Anti-Phishing Toolbar
  • PhishTank SiteChecker

Expect this issue to be fixed shortly.  However, fixing these add-ons doesn't fix all add-ons out there.  It seems to me that the problem here is that the mechanism for updating add-ons within Firefox is flawed and that add-ons that don't update over a secure connections should be prevented from updated by default. 

Improve virtual machine performance

Tuesday, May 29th, 2007

Scott Hanselman has posted an extensive list of virtual machine performance checklist items.  If you're like me and make a lot of use of virtual machines (like VMware) then these will be handy.

Here are some of Scott's top tips:

  • Make sure your Host Operating System's disk is defragmented.
  • Run Fewer Applications.
  • Considering making a custom Windows install for your VMs.

He also lists some useful but obscure tweaks:

  • Give your Virtual Machines LESS MEMORY.
  • Don't use NTFS Compression on the Virtual Machine Hard Drive File in the Host Operating System.

And the top tip:

  • Run the Virtual Machine on a separate spindle.

Excellent!

Linux car crashes at Indy 500

Tuesday, May 29th, 2007

Well, you know what they say, it's hard to get good drivers for Linux!

Linux carWhen the pale blue "Linux car," also known as car #77 from Chastain Motorsports, was the first car to crash in the 91st Indianapolis 500 on Sunday, we can imagine hordes of geeks wishing it had been a "Vista car" instead. Imagine the "blue screen of death" jokes that could have resulted!

The Linux car, as you probably know already, was the result of a campaign called Tux 500, jump-started by two enthusiasts named Bob Moore and Ken Starks. They solicited donations from fellow Linux fans in a "community powered Linux marketing program" to make the open-source operating system a household name by putting its logo on a race car. Unfortunately, it's likely going to be remembered as "the car that placed last."

Google acquires GreenBorder

Tuesday, May 29th, 2007

I've written some positive reviews of the GreenBorder security software that sandboxed your browser from the OS, helping to keep you safe from malware.  We, the company now belongs to Google.

Google has quietly made its first anti-malware acquisition, snapping up GreenBorder Technologies, a venture-backed company that sells browser virtualization security software.

The acquisition gives the search engine a key piece of technology to block Web-based exploits that prey on flaws in the two most widely used browsers — Microsoft’s Internet Explorer and Mozilla’s Firefox.